July 17, 2020

Russian Hacker Exposes Health Care’s Cybersecurity Challenge

According to the Wall Street Journal, hospitals and researchers have been fending off a surge in cyber attacks since March 2020.

“Intelligence agencies in the U.S. and U.K. are now warning that other nations are targeting health-care organizations and pharmaceutical companies with cyberattacks. But security chiefs at hospitals, research facilities, and drugmakers say they have been under siege for months already.

Thursday’s alert from the National Cyber Security Centre in the U.K., backed by U.S. and Canadian agencies, was unusually direct in its attribution, blaming a hacking group linked to Russian security services. The Kremlin has refuted the allegations.

The latest alert followed a warning in May from the NSCS and the Cybersecurity and Infrastructure Security Agency in the U.S., which warned that hackers were actively targeting these organizations.

The problem isn’t new for these companies, who have been dealing for months with volumes of attack attempts that far outstrip what they detected before the pandemic. Security chiefs say they are now routinely called upon by board members and other executives to discuss specific threats.”

That last paragraph is alarming and it is why we decided to create this website. The COVID-19 pandemic has triggered an eruption of malicious cyberattacks on U.S. government agencies, universities, laws firms, banks, health care facilities, and private corporations

These facilities – as well as citizens in the private sector – are targeted on a daily basis for the data relating to personal identifying information, credit card information, trade secrets, and other sensitive corporate and personal data.

Cyber Attacks on Health Care and Pharmaceutical Firms

Cyber attacks on heath care facilities and pharmaceutical firms has specifically increased.

One head of security for a Swiss pharmaceutical firm, Roche Holding AG, says senior executives recently approached her after reading about attacks on companies such as theirs, which is developing an antibody test for Covid-19.

Roche’s chief financial officer wanted to know how the cybersecurity team would battle elevated threats, and business-unit leaders questioned how they could be affected, Vicky Imber said.

“We’re on high alert,” she added.

The Federal Bureau of Investigation and CISA in May issued a separate warning about similar attempts by Chinese-backed hackers to steal research, an accusation also leveled by European Union officials in June, which Beijing also has consistently denied.

Health-care organizations and medical research facilities have long been attractive targets of hackers for their trove of patient data and valuable intellectual property, but also have been singled out by criminal gangs extensively during the pandemic.

London-based Hammersmith Medicines Research Ltd., which performed Covid-19 tests, fell victim to a ransomware attack in late March, while Illinois’s Champaign-Urbana Public Health District was forced to pay a $350,000 ransom in March after hackers locked out its files.

As stated by James Rundle from the Wall Street Journal, health care organizations, medical research facilities, and pharmaceutical firms alike are being singled out by the new age of hackers in the post COVID-19 era.

The British government has put special protections in place for a number of research hubs, including the University of Oxford, which is working on a coronavirus vaccine.

Hospitals say they are inundated with phishing campaigns and that hackers are trying to get into their systems through suppliers. The bulk of attacks are opportunistic attempts to steal credentials or infect systems with ransomware, but Thursday’s alert warned of an unusual level of sophistication, including the use of custom malware.

Security experts say health-care networks in particular are difficult to defend once a hacker is inside because they are often set up to allow information to flow relatively freely. This is so data such as research and analysis, medical information, and other critical data can pass to the many different systems needed for patient care or study.

With this level of free flowing information throughout the healthcare industry, it is important that these health-care networks establish the precautionary measures and outline both proactive and reactive response plans as they try to defend against these targeted cyber attacks aimed directly at their industry.

Standard Posts , , , , ,
About Editorial Board

Leave a Reply

Your email address will not be published. Required fields are marked *